-2 points

I ripped one out in the elevator with the CEO. He said ‘you disgust me’ and the secretary ran out in floods of tears. About three months later I tendered my resignation because a promising opportunity for advancement presented itself.

4 points
Deleted by creator
15 points

Where my infosec homies at??

They were issuing a single SSL cert to all of their clients. This cert was encrypting CC data.

That SSL cert lived on an FTP server.

The password was something like Spring2019!

We stored clients’ images on an SFTP server. I was a web dev. I didn’t have access to the SFTP server. I had to tell a team what dirs to put assets in so my clients’ websites could display images.

… Tell me you’ve seen worse, and I’ll continue to up the ante.

2 points

I’m not sure I’ve seen worse, but I still want to see what’s worse than what you’ve posted.

0 points

Oh I can keep going, baby. We just scratched the surface.

Ever heard of ProgressABL?

4 points

At the current company I’m at, I was reporting a slow virtual server. It looked like one of the monitoring scripts was stuck in a loop and slowing the machine to a crawl.

Call up cyber; they proceed to tell me it’s a drive issue. They google DRIVERS, download the first thing they see, an ad for some virus. The machine ended up needing to be completely reimaged.
Some days, man.

3 points

They were issuing a single SSL cert to all of their clients.

How does this even work? Doesn’t the domain admin send their own CSR? Even if your company was serving as that admin, a single cert only works for the domain to which it’s assigned, so how could it be reused for multiple clients?

2 points

I think it was a self-signed SSL.

Not all SSLs are domain specific. There are wildcard domains (used for subdomains or related domains), and self-signed domains, and probably more.

Think like… a liquor store in the middle of nowhere that transmits CC data via the internet. They have an SSL. They don’t necessarily even have a registered domain.

2 points

Self-signed certs are not viable for general use because they’ll generate a browser warning that “Joes Liquor Co is not a trusted Certificate Authority” that will scare off 99% of users. And wildcard certs still need at least one specific domain, e.g. *.joesliquor.com. The only way I can imagine this working is if the vendor was handing out separate servers on client.vendor.com and giving each of them the same SSL cert for *.vendor.com.

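The wildcard reuse scenario in the comment above, as an added example that is not from the thread: a stdlib-only Python model of which hostnames a *.vendor.com-style certificate actually covers under RFC 6125 wildcard rules, a self-signed check, and a fingerprint scan that flags one certificate being served by many client hosts. Hostnames, subjects and fingerprints are constructed (`vendor.example` stands in for the comment's vendor.com), and the matcher is deliberately stricter than RFC 6125 in rejecting partial wildcards like `cl*`, as browsers do.

```python
from collections import defaultdict


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style dNSName matching. A '*' is accepted only as the entire
    leftmost label, matches exactly one label, and never matches the bare
    domain: '*.vendor.example' covers 'a.vendor.example' but not
    'vendor.example' or 'a.b.vendor.example'."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    # Wildcard must be the whole leftmost label, with at least two labels after
    # it (so '*.com' is rejected), and no wildcard anywhere else.
    if p_labels[0] != "*" or len(p_labels) < 3 or any("*" in lbl for lbl in p_labels[1:]):
        return False
    if len(h_labels) != len(p_labels):
        return False
    # The label standing in for '*' must be non-empty and not an IDNA A-label.
    if not h_labels[0] or h_labels[0].startswith("xn--"):
        return False
    return h_labels[1:] == p_labels[1:]


def cert_covers(cert: dict, hostname: str) -> bool:
    """A certificate covers a host if any of its dNSName SANs matches it."""
    return any(wildcard_matches(san, hostname) for san in cert["sans"])


def is_self_signed(cert: dict) -> bool:
    """Issuer equal to subject: browsers warn on these unless the user or an
    enterprise policy has explicitly trusted the certificate."""
    return cert["issuer"] == cert["subject"]


def shared_fingerprints(observations):
    """Given (hostname, sha256_fingerprint) pairs collected across many hosts,
    return {fingerprint: sorted hosts} for every certificate seen on more than
    one host. One fingerprint across many client hosts is the reuse pattern."""
    by_fp = defaultdict(set)
    for host, fp in observations:
        by_fp[fp].add(host.lower().rstrip("."))
    return {fp: sorted(hosts) for fp, hosts in by_fp.items() if len(hosts) > 1}


# Constructed sample certificates (hypothetical names, not real hosts or CAs).
VENDOR_WILDCARD = {"subject": "CN=*.vendor.example", "issuer": "CN=Example Public CA",
                   "sans": ["*.vendor.example", "vendor.example"]}
JOES_SELF_SIGNED = {"subject": "CN=Joes Liquor Co", "issuer": "CN=Joes Liquor Co",
                    "sans": ["pos.joesliquor.example"]}
```

Run `shared_fingerprints` over `(host, fingerprint)` pairs gathered from your own inventory; every entry in its result is a certificate whose private key is, by construction, present on several machines at once.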
64 points

To explain my “fuck this shit” moment first we need to understand the company.

They did smart pouring of alcohol: beer, wine, kombucha, whatever. They could pour it. They sold their product as PaaS, Pour as a Service. The idea was that you, a bar owner, could have them come in, install their taps (which they maintained) and you would have fancy data and controls over these taps.

You want 1 push to mean 12 oz of beer and for the taps to lock down at 12am automatically? Bam, they’d do it. In theory at any rate. Truthfully, they never could get the pours perfect. It was actually pretty hilarious in hindsight because they wanted to advertise that they were solving shrinkage and waste lol.

Let’s move along though, when I got hired, the tech stuff was handled by me, a full stack developer, two electrical engineers, an embedded developer and a shit tier consultant that wanted to use Ansible for EVERYTHING including Infrastructure as Code (we’ll touch on that).

The tech stuff was either the non-distributed architecture, basically a piece of shit application made in nodejs running on, I shit you not, BeagleBone Blacks. For reference, page one of the user manual says “don’t use this in production” for good reason; one of the issues was the lack of a real time clock, another was this hardware level race condition where the BeagleBone just wouldn’t boot fully so it needed a reboot. Lol. Oh, also it was running Debian wheezy in 2019 (unsure on exact timing) which had been EOLed back in 2018. I always found it amusing when they talked about security as if they gave a shit.

The other one was the distributed architecture; this was running on a board that was developed in house by one of the EEs. It had feature parity and was supposed to replace nonda. This one ran a bit differently using async messaging and some really fancy bells and whistles. It was also running Debian jessie, which wasn’t fantastic but better than nonda.

2 months after my hiring, the full stack developer left. The guy had a tendency to boil the ocean but he also knew damn near everything about both architectures. So losing him was fun and I had to take on everything he did, minus code, quickly. Our consultant meanwhile, took on very little.

As startups do, problems would happen and be band-aided, I would complain about tech debt and get ignored, and dumpster fires would happen as one would expect. After a while, we started losing more people, first the EE I wasn’t close to. Then the embedded guy and finally the EE I was close to.

At this point, I was stressed beyond belief and fucking sick of it. Both the culture and the bullshit where if I fucked up, I got punished but if the consultant fucked up or ignored policy nothing would happen.

I’m not sure on the timeline here but two things happened.

  1. there was an outage after hours. I wasn’t aware of it and was eating dinner with my family which is very important to me because family. After dad’s battle with cancer, I wanted to make sure important things like family dinner were a family time thing. No phones, no TV. Maybe music but mostly talking and spending time together.

Back to the story, I got called. Family excused me so I answered and was informed about the outage. They asked me to pitch in because it looked like something I was knowledgeable about, I said sure I don’t mind but I need to finish dinner with my family first, because we were already in the middle of it. Sounds reasonable right? Not to my boss. He demanded I stop, I held firm. He got pissy but relented and let me finish.

Bet you’re expecting some heroic effort and a saved-the-day moment, right? Nah. I had nothing to do because it had nothing to do with me. No apology was given nor was a thank you extended. I literally sat there, scrolling reddit “being available”.

  2. after my team left, I got asked to step up and at that point I was getting interested in the SRE space. I had been interviewing and wanted the title. So I asked for it, and was told “I’ll think about it” after they said there would be no raise. Weeks passed, nothing happened. Not even a “hey we need to say no”. So I got an offer from my current employer, had the title I wanted and everything. I accepted and gave previous employer less than 2 weeks. First thing the boss asked was if it was because of the no promotion.

Fast forward 2 years to April of this year. The board of investors fired the owner and COO and the company declared bankruptcy. Good fucking riddance. Bunch of stupid fucking schmucks.

9 points

You want 1 push to mean 12 oz of beer and for the taps to lock down at 12am automatically? Bam, they’d do it. In theory at any rate. Truthfully, they never could get the pours perfect. It was actually pretty hilarious in hindsight because they wanted to advertise that they were solving shrinkage and waste lol.

Um. That should be incredibly easy. Pharmaceutical companies solved this decades ago. That’s how every single vial of whatever sterile contents is always exactly perfectly filled. Were they trying to reinvent the wheel or something? Why not just use a normal metering pump?

7 points

Uncarbonated liquids are dead simple to titrate, it’s true. For a carbonated product like beer, it’s actually a much more complicated problem than it seems. The amount of foam you get on a keg pour of beer is affected by a lot of variables - how clean the lines are, how cold the lines are, how long the lines are, the diameter of the lines, whether you’re using beer gas or CO2, how old the beer is, if it’s keg conditioned or force carbonated, how recently the keg was moved into refrigeration, how cold the beer itself is, if it’s the first pour of the day or if the tap has been running frequently, the mechanical design of the faucet, the temperature, cleanliness, shape, and size of the glass it’s going into, and more. It’s really fiddly business, I can’t see how a push button system could take everything into account and render less wastage than a human operator with a feel for the system. Draft systems are voodoo, ask me how I know.

Anyway companies typically have an unrealistic expectation of what draft wastage ought to be. I would advise any bar to expect something like 15% wastage at minimum on professional draft equipment, more if they’re using bargain grade hardware anywhere in the system, but ownership doesn’t want to hear that.

6 points

Because metering pumps cost more in the short term than custom code, boards, software stacks, and most importantly…consultants.

82 points

I was working at a hospital that had to do ethics training twice per year because of previous violations. I was sitting on the floor in a super crowded room and the video opened with, “Do your ethics match those of your employer?” and I went, “Oh shit! They do not! I have to get out of here!”

13 points

I am confused? The “previous violations” were your doing or the employer’s?

35 points

The hospital had violations and for the next 5 (I think) years, all staff had to do ethics training twice per year. Money and productivity were much more important to them than patient care. Shortly before I left they quit buying wet wipes. Staff was expected to clean patients (bathing, vomit, BM, blood) with washcloths that were put into laundry bins for wash and reuse.

20 points

They would have surely been fired if they had two ethics violations. Only companies get away with a slap on a wrist.

7 points

  • what you say and what you do are only vaguely connected
  • at the end of the day, money always matters more than anything else
  • if you have to follow the law, just stick to the letter instead of the spirit of it

Ask Lemmy

!asklemmy@lemmy.world

A Fediverse community for open-ended, thought provoking questions
